Report #10895

Binary
DLL
False
Size
534.00KB
trid
62.0% Generic CIL Executable
23.4% Win64 Executable
5.5% Win32 Dynamic Link Library
3.8% Win32 Executable
1.7% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
ff996f1f5dec0ba4ac835e1e8ddfb48d
sha1
2feacc79ee2613fd95eee8658404899fca93a997
crc32
0xf33d09c5
sha224
a4d1d075e0bf3d52210ee6a475280b140fe0141ae9f6e669899dda18
sha256
3a80ea6f6ab00d73ce4423108ea1dca3742544323f3e13006a7357485acf354d
sha384
e4e68514e70434753205ef23a1e1891a2a303b3be1541bdec7179d97011e68299f629b5687522ecede010b4c5b0ecd81
sha512
6d2e96719bbc1ba3a50ed5e9280e7a7b3644009d79630ca25eaa701b92886cba1cdb1b7581b64f4798e6d8b361b7a47efdcdd6530832becfe640076eefdc0d90
ssdeep
12288:0P/duVHDzAFA1ZicTsFSjuVnf+3uryZ4A:mdulDOA1IEsgSW3QA
Community
Google
False
HashLib
False
YARA
Matches
domain, IsWindowsGUI, NETDLLMicrosoft, contentis_base64, android_meterpreter, NETexecutableMicrosoft, IsNET_EXE, IsPacked, IP, IsPE32, Big_Numbers3

Suspicious
True

Strings
List

Foremost
Matches
0.exe, 534 KB, 327.png, 367 KB
Suspicious
True
Heuristics
IPs
hasIPs: True
Allowed: 1.0.0.1, 1, one.one.one.one.
Suspicious
hasAllowed: True
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: AndroidCar.dll, user32.dll, mscoree.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 2560
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 48.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 551646
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: user32.dll, mscoree.dll
hasLibs: True
Suspicious: androidcar.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2020-06-25 00:07:45
Future: False

Compilation
Packed: False
Missing: True
Packers
Compiled: False
Compilers

Obfuscation
XOR: True
Fuzzing: True

PEDetector
Matches
127885
Suspicious
True
Disassembly
hasTricks
True
Tricks
pushret
.text: 227

pushpopmath
.text: 208

ss register
.text: 2

garbagebytes
.text: 71

hookdetection
.text: 2

software breakpoint
.text: 2

fakeconditionaljumps
.text: 10

programcontrolflowchange
.text: 61

cpuinstructionsresultscomparison
.text: 30

AVclass
agenttesla
1
VirusTotal
md5
ff996f1f5dec0ba4ac835e1e8ddfb48d
sha1
2feacc79ee2613fd95eee8658404899fca93a997
SCANS (DETECTION RATE = 61.11%)
AVG
result: Win32:MalwareX-gen [Trj]
update: 20200710
version: 18.4.3895.0
detected: True

CMC
update: 20200709
version: 2.7.2019.1
detected: False

MAX
result: malware (ai score=86)
update: 20200710
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20200708
version: 6.45
detected: True

Bkav
update: 20200709
version: 1.3.0.9899
detected: False

K7GW
result: Trojan ( 005697c31 )
update: 20200709
version: 11.120.34643
detected: True

ALYac
result: Trojan.GenericKD.43387783
update: 20200710
version: 1.1.1.5
detected: True

Avast
result: Win32:MalwareX-gen [Trj]
update: 20200710
version: 18.4.3895.0
detected: True

Avira
result: TR/Kryptik.ynila
update: 20200710
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cynet
result: Malicious (score: 85)
update: 20200710
version: 4.0.0.24
detected: True

Cyren
result: W32/MSIL_Kryptik.AYU.gen!Eldorado
update: 20200710
version: 6.3.0.2
detected: True

DrWeb
result: Trojan.InjectNET.14
update: 20200710
version: 7.0.46.3050
detected: True

GData
result: Trojan.GenericKD.43387783
update: 20200710
version: A:25.26186B:27.19390
detected: True

Panda
result: Trj/GdSda.A
update: 20200709
version: 4.6.4.2
detected: True

VBA32
update: 20200709
version: 4.4.1
detected: False

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200710
version: 85082
detected: True

Zoner
update: 20200710
version: 0.0.0.0
detected: False

ClamAV
update: 20200709
version: 0.102.3.0
detected: False

Comodo
update: 20200709
version: 32612
detected: False

F-Prot
result: W32/MSIL_Kryptik.AYU.gen!Eldorado
update: 20200710
version: 4.7.1.166
detected: True

Ikarus
result: Trojan.MSIL.Inject
update: 20200709
version: 0.1.5.2
detected: True

McAfee
result: RDN/Generic PWS.y
update: 20200710
version: 6.0.6.653
detected: True

Rising
result: Trojan.Kryptik!8.8 (CLOUD)
update: 20200710
version: 25.0.0.26
detected: True

Sophos
result: Mal/Generic-S
update: 20200709
version: 4.98.0
detected: True

Yandex
result: Trojan.AvsArher.bSIdr7
update: 20200707
version: 5.5.2.24
detected: True

Zillya
update: 20200709
version: 2.0.0.4126
detected: False

Acronis
update: 20200603
version: 1.1.1.76
detected: False

Alibaba
result: TrojanPSW:MSIL/AgentTesla.1074102b
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
result: Trojan.Generic.D2960B87
update: 20200710
version: 1.0.0.877
detected: True

Cylance
update: 20200710
version: 2.3.1.101
detected: False

Endgame
result: malicious (high confidence)
update: 20200608
version: 4.0.5
detected: True

FireEye
result: Generic.mg.ff996f1f5dec0ba4
update: 20200710
version: 32.31.0.0
detected: True

Sangfor
update: 20200423
version: 1.0
detected: False

TACHYON
update: 20200709
version: 2020-07-09.02
detected: False

Tencent
update: 20200710
version: 1.0.0.1
detected: False

ViRobot
update: 20200709
version: 2014.3.20.0
detected: False

Webroot
update: 20200710
version: 1.0.0.403
detected: False

eGambit
result: Unsafe.AI_Score_81%
update: 20200710
detected: True

Ad-Aware
result: Trojan.GenericKD.43387783
update: 20200710
version: 3.0.5.370
detected: True

AegisLab
update: 20200709
version: 4.2
detected: False

Emsisoft
result: Trojan.GenericKD.43387783 (B)
update: 20200710
version: 2018.12.0.1641
detected: True

F-Secure
result: Trojan.TR/Kryptik.ynila
update: 20200710
version: 12.0.86.52
detected: True

Fortinet
result: Malicious_Behavior.SB
update: 20200710
version: 6.2.142.0
detected: True

Invincea
result: heuristic
update: 20200502
version: 6.3.6.26157
detected: True

Jiangmin
update: 20200709
version: 16.0.100
detected: False

Kingsoft
update: 20200710
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20200710
version: 1.0
detected: True

Trapmine
update: 20200619
version: 3.5.0.987
detected: False

AhnLab-V3
result: Trojan/Win32.Infostealer.R341647
update: 20200709
version: 3.18.0.10009
detected: True

Antiy-AVL
update: 20200710
version: 3.0.0.1
detected: False

Kaspersky
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200710
version: 15.0.1.13
detected: True

MaxSecure
update: 20200622
version: 1.0.0.1
detected: False

Microsoft
result: Trojan:MSIL/AgentTesla.SD!MTB
update: 20200709
version: 1.1.17200.2
detected: True

Qihoo-360
result: Generic/Trojan.PSW.374
update: 20200710
version: 1.0.0.1120
detected: True

ZoneAlarm
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200710
version: 1.0
detected: True

Cybereason
result: malicious.9ee261
update: 20190616
version: 1.2.449
detected: True

ESET-NOD32
result: a variant of MSIL/Kryptik.WNO
update: 20200710
version: 21630
detected: True

TrendMicro
result: TROJ_GEN.R002C0DFQ20
update: 20200710
version: 11.0.0.1006
detected: True

BitDefender
result: Trojan.GenericKD.43387783
update: 20200710
version: 7.2
detected: True

CrowdStrike
result: win/malicious_confidence_60% (W)
update: 20190702
version: 1.0
detected: True

K7AntiVirus
result: Trojan ( 005697c31 )
update: 20200709
version: 11.121.34654
detected: True

SentinelOne
update: 20200601
version: 4.3.0.105
detected: False

Avast-Mobile
update: 20200709
version: 200709-00
detected: False

Malwarebytes
result: Spyware.Agent
update: 20200710
version: 3.6.4.335
detected: True

TotalDefense
update: 20200709
version: 37.1.62.1
detected: False

CAT-QuickHeal
update: 20200709
version: 14.00
detected: False

NANO-Antivirus
update: 20200710
version: 1.0.134.25119
detected: False

BitDefenderTheta
update: 20200706
version: 7.2.37796.0
detected: False

MicroWorld-eScan
result: Trojan.GenericKD.43387783
update: 20200710
version: 14.0.409.0
detected: True

SUPERAntiSpyware
update: 20200703
version: 5.6.0.1032
detected: False

TrendMicro-HouseCall
result: TROJ_GEN.R002C0DFQ20
update: 20200710
version: 10.0.0.1040
detected: True

total
72
sha256
3a80ea6f6ab00d73ce4423108ea1dca3742544323f3e13006a7357485acf354d
scan_id
3a80ea6f6ab00d73ce4423108ea1dca3742544323f3e13006a7357485acf354d-1594342227
resource
ff996f1f5dec0ba4ac835e1e8ddfb48d
positives
44
scan_date
2020-07-10 00:50:27
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
10/7/2020 - 22:45:44.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:44.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:44.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:44.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:44.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:44.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:44.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:44.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:44.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:44.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:44.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:44.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:44.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:44.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:44.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:44.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:44.825Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 22:45:44.825Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:45:44.825Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 22:45:44.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:45:44.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:45:44.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:45:44.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:45:45.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:45:45.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:45:45.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:45:45.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:45:45.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:45:45.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:45:45.293Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 22:45:45.434Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:45.434Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 22:45:45.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:45.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:45.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:45.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:45.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:45.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:45.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:45.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:45.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:45.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:45.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:45.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:46.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:47.28Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 22:45:47.262Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 22:45:47.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:47.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:47.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:47.965Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 22:45:48.59Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 22:45:48.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:45:48.434Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:45:48.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:45:48.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:45:48.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:45:48.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:45:48.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:48.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:48.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:48.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:48.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:45:48.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:48.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:48.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:49.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:49.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:49.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:49.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:49.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:45:49.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:49.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:49.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:49.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:49.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:49.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:49.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:49.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:49.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:50.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:50.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:50.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:50.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:50.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.637Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
10/7/2020 - 22:45:50.684Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
10/7/2020 - 22:45:50.731Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 22:45:50.778Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 22:45:50.825Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 22:45:50.872Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 22:45:50.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:32.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:32.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:46:32.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:32.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:32.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:32.872Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
10/7/2020 - 22:46:32.872Open1480C:\malware.exeC:\malware.exe.Local
10/7/2020 - 22:46:32.872Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 22:46:32.872Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 22:46:32.872Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 22:46:32.872Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 22:46:32.918Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 22:46:32.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:46:32.918Open1480C:\malware.exeC:\WindowsCodecs.dll
10/7/2020 - 22:46:32.918Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
10/7/2020 - 22:46:32.918Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
10/7/2020 - 22:46:32.918Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
10/7/2020 - 22:46:32.918Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
10/7/2020 - 22:46:32.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:32.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:33.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:33.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:33.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:33.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:33.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:33.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:33.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:33.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:33.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:33.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:33.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:33.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:33.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:33.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:34.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:34.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:34.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:34.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:34.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:34.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:34.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:34.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:34.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:34.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:34.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:34.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:34.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:34.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:34.715Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources.dll
10/7/2020 - 22:46:34.715Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources\ReZer0V2.resources.dll
10/7/2020 - 22:46:34.715Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources.exe
10/7/2020 - 22:46:34.715Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources\ReZer0V2.resources.exe
10/7/2020 - 22:46:34.715Open1480C:\malware.exeC:\pt\ReZer0V2.resources.dll
10/7/2020 - 22:46:34.715Open1480C:\malware.exeC:\pt\ReZer0V2.resources\ReZer0V2.resources.dll
10/7/2020 - 22:46:34.715Open1480C:\malware.exeC:\pt\ReZer0V2.resources.exe
10/7/2020 - 22:46:34.715Open1480C:\malware.exeC:\pt\ReZer0V2.resources\ReZer0V2.resources.exe
10/7/2020 - 22:46:34.762Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:46:34.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:34.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:34.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:34.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:34.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:35.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:35.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:35.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:35.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:35.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:35.278Open1480C:\malware.exeC:\Windows\Globalization\en-us.nlp
10/7/2020 - 22:46:35.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:35.372Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 22:46:35.372Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 22:46:35.465Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 22:46:35.465Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 22:46:35.559Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:35.559Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 22:46:35.559Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:35.606Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:35.653Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:35.700Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:35.747Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:35.793Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 22:46:35.793Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 22:46:35.793Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 22:46:35.793Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 22:46:35.793Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:35.793Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 22:46:35.793Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:35.793Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:35.793Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:35.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:35.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:36.262Open1480C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:36.262Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 22:46:36.262Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 22:46:36.262Unknown1480C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:36.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:36.356Open2548C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pf
10/7/2020 - 22:46:36.356Read2548C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pfMALWARE.EXE-20920919.pf
10/7/2020 - 22:46:36.356Open2548C:\malware.exe\Device\HarddiskVolume2
10/7/2020 - 22:46:36.356Open2548C:\malware.exeC:\Monitor
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Monitor
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Monitor
10/7/2020 - 22:46:36.356Open2548C:\malware.exeC:\Monitor\Malware
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Monitor\Malware
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Monitor\Malware
10/7/2020 - 22:46:36.356Open2548C:\malware.exeC:\Users
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Users
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Users
10/7/2020 - 22:46:36.356Open2548C:\malware.exeC:\Users\Behemot
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Users\Behemot
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Users\Behemot
10/7/2020 - 22:46:36.356Open2548C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 22:46:36.356Open2548C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 22:46:36.356Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
10/7/2020 - 22:46:36.356Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
10/7/2020 - 22:46:36.356Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 22:46:36.356Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
10/7/2020 - 22:46:36.356Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
10/7/2020 - 22:46:36.372Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
10/7/2020 - 22:46:36.372Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
10/7/2020 - 22:46:36.372Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
10/7/2020 - 22:46:36.372Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 22:46:36.372Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
10/7/2020 - 22:46:36.372Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
10/7/2020 - 22:46:36.372Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/7/2020 - 22:46:36.372Open2548C:\malware.exeC:\Users\Behemot\Favorites
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Users\Behemot\Favorites
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Users\Behemot\Favorites
10/7/2020 - 22:46:36.372Open2548C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
10/7/2020 - 22:46:36.372Open2548C:\malware.exeC:\Windows
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Windows
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Windows
10/7/2020 - 22:46:36.372Open2548C:\malware.exeC:\Windows\assembly
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Windows\assembly
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Windows\assembly
10/7/2020 - 22:46:36.372Open2548C:\malware.exeC:\Windows\assembly\GAC_32
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Windows\assembly\GAC_32
10/7/2020 - 22:46:36.372Read2548C:\malware.exeC:\Windows\assembly\GAC_32
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Windows\assembly\GAC_32
10/7/2020 - 22:46:36.372Open2548C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
10/7/2020 - 22:46:36.372Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL
10/7/2020 - 22:46:36.372Read2548C:\malware.exeC:\Windows\assembly\GAC_MSIL
10/7/2020 - 22:46:36.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:36.372Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL
10/7/2020 - 22:46:36.387Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
10/7/2020 - 22:46:36.387Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:36.387Open2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
10/7/2020 - 22:46:36.387Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
10/7/2020 - 22:46:36.387Open2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
10/7/2020 - 22:46:36.387Open2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
10/7/2020 - 22:46:36.387Open2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
10/7/2020 - 22:46:36.387Open2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
10/7/2020 - 22:46:36.387Open2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
10/7/2020 - 22:46:36.387Open2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
10/7/2020 - 22:46:36.387Open2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
10/7/2020 - 22:46:36.387Open2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
10/7/2020 - 22:46:36.387Open2548C:\malware.exeC:\Windows\Globalization
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\Globalization
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\Globalization
10/7/2020 - 22:46:36.387Open2548C:\malware.exeC:\Windows\Globalization\Sorting
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\Globalization\Sorting
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\Globalization\Sorting
10/7/2020 - 22:46:36.387Open2548C:\malware.exeC:\Windows\Microsoft.NET
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\Microsoft.NET
10/7/2020 - 22:46:36.387Unknown2548C:\malware.exeC:\Windows\Microsoft.NET
10/7/2020 - 22:46:36.387Open2548C:\malware.exeC:\Windows\Microsoft.NET\Framework
10/7/2020 - 22:46:36.403Unknown2548C:\malware.exeC:\Windows\Microsoft.NET\Framework
10/7/2020 - 22:46:36.403Unknown2548C:\malware.exeC:\Windows\Microsoft.NET\Framework
10/7/2020 - 22:46:36.403Open2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 22:46:36.403Unknown2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 22:46:36.403Unknown2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 22:46:36.403Open2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
10/7/2020 - 22:46:36.403Unknown2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
10/7/2020 - 22:46:36.403Unknown2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
10/7/2020 - 22:46:36.403Open2548C:\malware.exeC:\Windows\System32
10/7/2020 - 22:46:36.403Unknown2548C:\malware.exeC:\Windows\System32
10/7/2020 - 22:46:36.403Unknown2548C:\malware.exeC:\Windows\System32
10/7/2020 - 22:46:36.403Open2548C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:36.403Unknown2548C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:36.403Unknown2548C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:36.403Open2548C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:46:36.653Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:36.653Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:46:36.653Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:36.653Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:36.653Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:36.653Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:36.653Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:36.653Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:36.653Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:36.653Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:36.653Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:36.653Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:36.653Open2548C:\malware.exeC:\dwmapi.dll
10/7/2020 - 22:46:36.653Open2548C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
10/7/2020 - 22:46:36.653Open2548C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
10/7/2020 - 22:46:36.653Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.653Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.653Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.653Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.668Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:36.668Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:36.668Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.668Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.668Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.668Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.668Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.668Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.668Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.668Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.668Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.668Open2548C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:36.668Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:36.668Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:36.668Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:46:36.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.715Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:46:36.715Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:46:36.715Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:36.715Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:36.715Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:46:36.715Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:46:36.715Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:46:36.715Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:46:36.715Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:46:36.715Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:46:36.715Open2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
10/7/2020 - 22:46:36.715Open2548C:\malware.exeC:\VERSION.dll
10/7/2020 - 22:46:36.715Open2548C:\malware.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 22:46:36.715Open2548C:\malware.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 22:46:36.715Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:46:36.715Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:46:36.715Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:46:36.715Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:46:36.715Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:36.715Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.715Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:36.762Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.809Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.809Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.809Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.809Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:36.856Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:36.856Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.856Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1480.1114812
10/7/2020 - 22:46:36.856Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1480.1114812
10/7/2020 - 22:46:36.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1480.1114812
10/7/2020 - 22:46:36.856Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.856Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.856Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.903Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.903Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.903Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
10/7/2020 - 22:46:36.903Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.903Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:36.903Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:36.950Unknown1480C:\malware.exeC:\Windows
10/7/2020 - 22:46:36.950Unknown1480C:\malware.exeC:\Monitor
10/7/2020 - 22:46:36.950Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:46:36.950Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:46:36.950Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 22:46:36.950Open2548C:\malware.exeC:\CRYPTSP.dll
10/7/2020 - 22:46:36.950Open2548C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
10/7/2020 - 22:46:36.950Open2548C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
10/7/2020 - 22:46:36.950Open2548C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 22:46:36.950Open2548C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 22:46:36.950Open2548C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 22:46:36.950Open2548C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 22:46:36.950Open2548C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 22:46:36.950Open2548C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 22:46:36.950Open2548C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 22:46:36.950Open2548C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 22:46:36.950Open2548C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 22:46:36.950Open2548C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 22:46:36.950Open2548C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 22:46:36.950Open2548C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 22:46:36.965Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:37.106Open2548C:\malware.exeC:\RpcRtRemote.dll
10/7/2020 - 22:46:37.106Open2548C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
10/7/2020 - 22:46:37.106Unknown2548C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
10/7/2020 - 22:46:37.106Open2548C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
10/7/2020 - 22:46:37.106Unknown2548C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
10/7/2020 - 22:46:37.153Open2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
10/7/2020 - 22:46:37.153Open2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
10/7/2020 - 22:46:37.153Open2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemcomn.dll
10/7/2020 - 22:46:37.153Open2548C:\malware.exeC:\Windows\SysWOW64\wbemcomn.dll
10/7/2020 - 22:46:37.153Open2548C:\malware.exeC:\Windows\SysWOW64\wbemcomn.dll
10/7/2020 - 22:46:37.153Open2548C:\malware.exeC:\Windows\SysWOW64\wbem\Logs
10/7/2020 - 22:46:37.153Unknown2548C:\malware.exeC:\Windows\SysWOW64\wbem\Logs
10/7/2020 - 22:46:37.153Open2548C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 22:46:37.153Open2548C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 22:46:37.153Open2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
10/7/2020 - 22:46:37.153Open2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
10/7/2020 - 22:46:37.168Open2548C:\malware.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
10/7/2020 - 22:46:37.168Open2548C:\malware.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
10/7/2020 - 22:46:37.403Open2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
10/7/2020 - 22:46:37.403Open2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
10/7/2020 - 22:46:37.872Open2548C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
10/7/2020 - 22:46:37.872Open2548C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
10/7/2020 - 22:46:37.872Open2548C:\malware.exeC:\Windows\SysWOW64\wbem\NTDSAPI.dll
10/7/2020 - 22:46:37.872Open2548C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
10/7/2020 - 22:46:37.872Open2548C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
10/7/2020 - 22:46:38.247Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.247Open2548C:\malware.exeC:\SXS.DLL
10/7/2020 - 22:46:38.247Open2548C:\malware.exeC:\Windows\SysWOW64\sxs.dll
10/7/2020 - 22:46:38.247Open2548C:\malware.exeC:\Windows\SysWOW64\sxs.dll
10/7/2020 - 22:46:38.247Open2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 22:46:38.247Read2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 22:46:38.247Read2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 22:46:38.247Read2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 22:46:38.247Read2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 22:46:38.247Read2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 22:46:38.247Read2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 22:46:38.247Read2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 22:46:38.247Read2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 22:46:38.247Read2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 22:46:38.247Read2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 22:46:38.247Read2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 22:46:38.247Read2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 22:46:38.247Read2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 22:46:38.247Read2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 22:46:38.247Read2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 22:46:38.247Open2548C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
10/7/2020 - 22:46:38.262Read2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 22:46:38.262Read2548C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 22:46:38.262Open2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
10/7/2020 - 22:46:38.731Open2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:38.731Unknown2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:38.731Open2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 22:46:38.731Unknown2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 22:46:38.731Open2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 22:46:38.731Read2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 22:46:38.731Read2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 22:46:38.731Read2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 22:46:38.731Read2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 22:46:38.731Read2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 22:46:38.731Read2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 22:46:38.731Read2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 22:46:38.731Open2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:38.731Unknown2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:38.731Read2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 22:46:38.731Open2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 22:46:38.731Open2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 22:46:38.731Unknown2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 22:46:38.731Open2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 22:46:38.731Unknown2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 22:46:38.731Read2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 22:46:38.731Open2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 22:46:38.731Unknown2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 22:46:38.731Open2548C:\malware.exeC:\malware.exe.Local
10/7/2020 - 22:46:38.731Open2548C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:46:38.731Unknown2548C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:46:38.747Open2548C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:46:38.747Open2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 22:46:38.747Read2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 22:46:38.747Read2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 22:46:38.747Unknown2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 22:46:38.747Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.747Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.747Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.747Open2548C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\oleaut32.DLL
10/7/2020 - 22:46:39.700Open2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
10/7/2020 - 22:46:39.700Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:39.700Open2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
10/7/2020 - 22:46:39.700Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:39.700Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:39.700Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:39.700Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:39.700Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:39.700Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:39.700Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:39.700Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:39.700Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:39.700Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:39.700Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:39.700Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:39.700Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:39.700Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:39.700Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:39.700Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:39.700Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:39.700Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:39.700Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:39.997Open2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
10/7/2020 - 22:46:40.43Unknown2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 22:46:40.43Open2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
10/7/2020 - 22:46:40.43Read2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 22:46:40.90Read2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 22:46:40.137Read2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 22:46:40.184Read2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 22:46:40.231Open2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
10/7/2020 - 22:46:40.231Unknown2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 22:46:40.231Open2548C:\malware.exeC:\malware.exe.Local
10/7/2020 - 22:46:40.231Open2548C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:46:40.231Unknown2548C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:46:40.231Open2548C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:46:40.231Read2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 22:46:40.231Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 22:46:40.418Read2548C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 22:46:40.793Open2548C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\oleaut32.dll
10/7/2020 - 22:47:11.106Open2548C:\malware.exeC:\%insfolder%\%insname%
10/7/2020 - 22:47:23.43Open2548C:\malware.exeC:\shfolder.dll
10/7/2020 - 22:47:23.43Open2548C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
10/7/2020 - 22:47:23.43Open2548C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
10/7/2020 - 22:47:23.278Open2548C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 22:47:23.278Unknown2548C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Opera Software\Opera Stable
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\QIP Surf\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\BraveSoftware\Brave-Browser\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Vivaldi\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\CatalinaGroup\Citrio\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\MapleStudio\ChromePlus\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Yandex\YandexBrowser\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Elements Browser\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Coowon\Coowon\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Torch\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\360Chrome\Chrome\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Iridium\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Kometa\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\CocCoc\Browser\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Chromium\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Sputnik\Sputnik\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Epic Privacy Browser\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\7Star\7Star\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\uCozMedia\Uran\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Orbitum\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\liebao\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Comodo\Dragon\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\CentBrowser\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Chedot\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Amigo\User Data
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Program Files (x86)\jDownloader\config\database.script
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Windows\Globalization\en-us.nlp
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\malware.config
10/7/2020 - 22:47:23.559Open2548C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 22:47:23.622Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 22:47:23.622Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 22:47:23.622Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 22:47:23.622Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:47:23.622Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 22:47:23.622Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 22:47:23.622Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 22:47:23.622Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 22:47:23.622Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 22:47:23.622Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:47:23.622Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 22:47:23.622Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:47:23.622Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:47:23.622Read2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:47:24.418Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
10/7/2020 - 22:47:24.606Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
10/7/2020 - 22:47:25.28Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Edge\User Data
10/7/2020 - 22:47:25.28Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:47:25.75Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:47:25.122Open2548C:\malware.exeC:\vaultcli.dll
10/7/2020 - 22:47:25.122Open2548C:\malware.exeC:\vaultcli.dll
10/7/2020 - 22:47:25.122Open2548C:\malware.exeC:\Windows\SysWOW64\vaultcli.dll
10/7/2020 - 22:47:25.122Open2548C:\malware.exeC:\Windows\SysWOW64\vaultcli.dll
10/7/2020 - 22:47:25.903Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:47:25.903Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
10/7/2020 - 22:47:25.918Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
10/7/2020 - 22:47:25.918Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:47:25.918Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Claws-mail
10/7/2020 - 22:47:25.918Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Claws-mail\clawsrc
10/7/2020 - 22:47:25.918Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
10/7/2020 - 22:47:25.918Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
10/7/2020 - 22:47:25.918Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\FileZilla\recentservers.xml
10/7/2020 - 22:47:25.934Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
10/7/2020 - 22:47:25.934Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
10/7/2020 - 22:47:25.934Open2548C:\malware.exeC:\Storage
10/7/2020 - 22:47:25.934Open2548C:\malware.exeC:\mail
10/7/2020 - 22:47:25.934Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files\Foxmail\mail\
10/7/2020 - 22:47:25.934Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files (x86)\Foxmail\mail\
10/7/2020 - 22:47:25.934Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Google\Chrome\User Data\
10/7/2020 - 22:47:25.934Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
10/7/2020 - 22:47:25.934Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
10/7/2020 - 22:47:25.934Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:47:25.997Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
10/7/2020 - 22:47:25.997Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:47:26.43Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:47:26.90Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
10/7/2020 - 22:47:26.90Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
10/7/2020 - 22:47:26.90Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
10/7/2020 - 22:47:26.90Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\UCBrowser
10/7/2020 - 22:47:26.90Open2548C:\malware.exeC:\Program Files (x86)
10/7/2020 - 22:47:26.90Unknown2548C:\malware.exeC:\Program Files (x86)
10/7/2020 - 22:47:26.90Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:47:26.137Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:47:26.184Open2548C:\malware.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe
10/7/2020 - 22:47:26.184Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
10/7/2020 - 22:47:26.184Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
10/7/2020 - 22:47:26.184Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
10/7/2020 - 22:47:26.184Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
10/7/2020 - 22:47:26.184Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\falkon\profiles\profiles.ini
10/7/2020 - 22:47:26.184Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini
10/7/2020 - 22:47:26.184Open2548C:\malware.exeC:\FTP Navigator\Ftplist.txt
10/7/2020 - 22:47:26.418Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:47:26.465Open2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 22:47:26.465Open2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 22:47:26.465Open2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 22:47:26.465Open2548C:\malware.exeC:\malware.exe.Local
10/7/2020 - 22:47:26.465Open2548C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:47:26.465Unknown2548C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:47:26.465Open2548C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:47:26.465Unknown2548C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:47:26.465Open2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 22:47:26.465Open2548C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 22:47:26.465Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\The Bat!
10/7/2020 - 22:47:26.465Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Flock\Browser\profiles.ini
10/7/2020 - 22:47:26.528Open2548C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 22:47:26.528Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 22:47:26.575Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 22:47:26.575Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 22:47:26.622Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 22:47:26.622Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 22:47:26.856Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 22:47:26.856Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 22:47:26.856Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 22:47:26.856Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 22:47:26.856Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 22:47:26.856Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 22:47:26.856Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 22:47:26.856Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 22:47:26.856Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\FTPGetter\servers.xml
10/7/2020 - 22:47:26.856Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:47:26.903Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:47:26.950Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:47:26.997Open2548C:\malware.exeC:\Monitor
10/7/2020 - 22:47:26.997Unknown2548C:\malware.exeC:\Monitor
10/7/2020 - 22:47:26.997Open2548C:\malware.exeC:\netsh.exe
10/7/2020 - 22:47:26.997Open2548C:\malware.exeC:\Monitor\netsh.exe
10/7/2020 - 22:47:26.997Open2548C:\malware.exeC:\Windows\SysWOW64\netsh.exe
10/7/2020 - 22:47:27.43Open2548C:\malware.exeC:\Windows\SysWOW64\netsh.exe
10/7/2020 - 22:47:27.43Open2548C:\malware.exeC:\Windows\SysWOW64\netsh.exe
10/7/2020 - 22:47:27.231Open2548C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 22:47:27.231Open2548C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 22:47:27.231Open2548C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
10/7/2020 - 22:47:27.231Open2548C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:47:27.231Unknown2548C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:47:27.231Open2548C:\malware.exeC:\Windows\SysWOW64\netsh.exe
10/7/2020 - 22:47:27.231Open2548C:\malware.exeC:\
10/7/2020 - 22:47:27.231Unknown2548C:\malware.exeC:\
10/7/2020 - 22:47:27.231Open2548C:\malware.exeC:\Windows
10/7/2020 - 22:47:27.231Unknown2548C:\malware.exeC:\Windows
10/7/2020 - 22:47:38.762Open2548C:\malware.exeC:\cftp\Ftplist.txt
10/7/2020 - 22:47:38.762Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
10/7/2020 - 22:47:38.762Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
10/7/2020 - 22:47:38.762Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Trillian\users\global\accounts.dat
10/7/2020 - 22:47:38.778Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Pocomail\accounts.ini
10/7/2020 - 22:47:38.778Open2548C:\malware.exeC:\Monitor\Folder.lst
10/7/2020 - 22:47:38.778Open2548C:\malware.exeC:\Users\All Users\AppData\Roaming\FlashFXP\3quick.dat
10/7/2020 - 22:47:38.778Open2548C:\malware.exeC:\ProgramData\APPDATA\ROAMING\FLASHFXP\3QUICK.DAT
10/7/2020 - 22:47:38.778Open2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
10/7/2020 - 22:47:38.778Unknown2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.778Open2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
10/7/2020 - 22:47:38.778Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.778Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.778Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.778Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.778Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.778Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.778Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.778Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.778Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.778Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.778Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.778Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.778Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.778Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Open2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
10/7/2020 - 22:47:38.793Unknown2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:38.793Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi\profiles
10/7/2020 - 22:47:38.793Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi+\profiles
10/7/2020 - 22:47:38.793Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
10/7/2020 - 22:47:38.793Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
10/7/2020 - 22:47:38.793Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\CoreFTP\sites.idx
10/7/2020 - 22:47:38.809Open2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Open2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Open2548C:\malware.exeC:\Windows\SysWOW64\mpr.dll
10/7/2020 - 22:47:38.809Open2548C:\malware.exeC:\Windows\SysWOW64\mpr.dll
10/7/2020 - 22:47:38.809Open2548C:\malware.exeC:\Windows\SysWOW64\scrrun.dll
10/7/2020 - 22:47:38.809Open2548C:\malware.exeC:\Windows\SysWOW64\scrrun.dll
10/7/2020 - 22:47:38.809Open2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:47:38.809Read2548C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:47:38.825Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data
10/7/2020 - 22:47:38.825Open2548C:\malware.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data\Default\EncryptedStorage
10/7/2020 - 22:47:38.825Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
10/7/2020 - 22:47:38.825Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
10/7/2020 - 22:47:38.825Open2548C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini

Process
Trace
10/7/2020 - 22:46:36.262Create1480C:\malware.exe2548C:\malware.exe
10/7/2020 - 22:47:27.231Create2548C:\malware.exe2908C:\Windows\SysWOW64\netsh.exe
10/7/2020 - 22:47:38.762Terminate2548C:\malware.exe2908C:\Windows\SysWOW64\netsh.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
10/7/2020 - 22:47:37.575Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.575Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.575Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.575Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.575Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.590Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.590Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\dhcpqec.dll,-100
10/7/2020 - 22:47:37.590Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.590Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.590Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\dhcpqec.dll,-101
10/7/2020 - 22:47:37.590Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.590Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.590Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\dhcpqec.dll,-103
10/7/2020 - 22:47:37.590Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.590Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.590Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\dhcpqec.dll,-102
10/7/2020 - 22:47:37.590Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.590Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.606Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\napipsec.dll,-1
10/7/2020 - 22:47:37.606Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.606Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.606Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\napipsec.dll,-2
10/7/2020 - 22:47:37.606Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.606Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.606Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\napipsec.dll,-4
10/7/2020 - 22:47:37.606Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.606Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.606Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\napipsec.dll,-3
10/7/2020 - 22:47:37.606Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.606Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.809Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\tsgqec.dll,-100
10/7/2020 - 22:47:37.809Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.809Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.809Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\tsgqec.dll,-101
10/7/2020 - 22:47:37.809Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.809Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.809Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\tsgqec.dll,-102
10/7/2020 - 22:47:37.809Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.809Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.809Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\tsgqec.dll,-103
10/7/2020 - 22:47:37.809Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:37.809Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:38.43Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\eapqec.dll,-100
10/7/2020 - 22:47:38.43Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:38.43Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:38.43Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\eapqec.dll,-101
10/7/2020 - 22:47:38.43Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:38.43Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:38.43Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\eapqec.dll,-102
10/7/2020 - 22:47:38.43Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:38.43Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
10/7/2020 - 22:47:38.43Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\eapqec.dll,-103
10/7/2020 - 22:47:38.43Write2908C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 69.86%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 96.49%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 58.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 55.58%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 25.40%
suspicious: False
